Fritz Connection

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed FRITZ!Box router management skill, but it should be treated as sensitive because it can show private network and call data and can disrupt connectivity.

Install this only if you want an agent to access your FRITZ!Box password, router status, connected-device list, WLAN controls, and call history. Protect the .env file, pin dependencies if possible, and require an explicit confirmation naming the exact action before running reconnect, reboot, or WLAN on/off.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (9)

Description-Behavior Mismatch
Severity: Medium
Confidence: 84%

The documented extension areas go beyond the stated scope of router status/control and include Smart Home and DHCP-related capabilities. This scope drift is dangerous because it normalizes broader control surfaces than users may have consented to, increasing the chance of unauthorized or surprising actions.

Context-Inappropriate Capability
Severity: Medium
Confidence: 88%

Including DECT Smart Home control examples extends the skill from router management into control of physical devices such as plugs or thermostats. That broadens the impact from informational access to real-world actuation, which can create privacy, safety, and availability risks if invoked without explicit user understanding and authorization.

Vague Triggers
Severity: Medium
Confidence: 91%

The approval guidance accepts vague phrases such as "mach mal" ("go ahead") or "ja bitte" ("yes please") as confirmation for destructive operations like reboot, reconnect, or WLAN changes. Ambiguous confirmation language can lead to accidental execution from casual conversation or misinterpreted context, causing service disruption for the entire network. Confirmation for these actions should name the exact action and be usable only once.

Missing User Warnings
Severity: Medium
Confidence: 87%

The documented status queries expose sensitive personal and network data, including call history, phone numbers, device names, IPs, and MAC addresses, without prominent privacy warnings or minimization guidance. In the context of a home router, this information can reveal household members, devices, behavior patterns, and network structure.
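Minimization for the finding above, as an added example (not code from the skill or from the fritzconnection project): the host and call records are constructed to resemble what status queries return and are assumptions about the layout; the functions project each record to the fields the user asked for and mask the identifiers that remain before an agent echoes them into a chat.

```python
"""Data minimization for FRITZ!Box status output (added example).

Projects host and call records down to the requested fields and masks the
identifiers that remain. Record layouts are constructed assumptions, not the
skill's own data structures.
"""
import ipaddress
import re

# Constructed sample data (not captured from a real router).
SAMPLE_HOSTS = [
    {"name": "annas-iphone", "ip": "192.168.178.42", "mac": "AC:DE:48:00:11:22", "status": True},
    {"name": "nas", "ip": "192.168.178.10", "mac": "00:11:32:AA:BB:CC", "status": True},
    {"name": "guest-laptop", "ip": "192.168.179.20", "mac": "F0:9F:C2:01:02:03", "status": False},
]
SAMPLE_CALLS = [
    {"type": "in", "number": "+49 30 1234567", "name": "", "date": "01.05.24 10:15", "duration": "0:03"},
    {"type": "out", "number": "01711234567", "name": "Dr. Weber", "date": "01.05.24 11:40", "duration": "0:12"},
]

_MAC_RE = re.compile(r"^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$")


def redact_mac(mac: str) -> str:
    """Keep the vendor OUI (first three octets), mask the device-specific half."""
    if not _MAC_RE.match(mac):
        return "<invalid mac>"
    return ":".join(mac.split(":")[:3] + ["xx"] * 3)


def redact_ip(ip: str) -> str:
    """Keep the subnet, mask the host part (last octet, or last four hextets for IPv6)."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        return ".".join(ip.split(".")[:3] + ["x"])
    return ":".join(addr.exploded.split(":")[:4] + ["x"] * 4)


def redact_phone(number: str) -> str:
    """Keep only the last three digits so the user can still recognize a contact."""
    digits = re.sub(r"\D", "", number)
    if len(digits) <= 3:
        return "*" * len(digits)
    return "*" * (len(digits) - 3) + digits[-3:]


def minimize_hosts(hosts, with_identifiers=False):
    """Default view: name and online state only. Identifiers appear only on request, masked."""
    out = []
    for h in hosts:
        row = {"name": h["name"], "online": bool(h["status"])}
        if with_identifiers:
            row["ip"] = redact_ip(h["ip"])
            row["mac"] = redact_mac(h["mac"])
        out.append(row)
    return out


def minimize_calls(calls, limit=10):
    """Most recent calls with masked numbers; stored contact names are kept, unknown callers labelled."""
    return [
        {"type": c["type"], "number": redact_phone(c["number"]),
         "name": c["name"] or "(unknown)", "date": c["date"], "duration": c["duration"]}
        for c in calls[:limit]
    ]


if __name__ == "__main__":
    for row in minimize_hosts(SAMPLE_HOSTS, with_identifiers=True):
        print(row)
    for row in minimize_calls(SAMPLE_CALLS):
        print(row)
```

The default host view carries no identifiers at all; an agent should only pass `with_identifiers=True` when the user explicitly asks for addresses, and should preface either output with a note that it reveals household devices and contacts.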

Missing User Warnings
Severity: Medium
Confidence: 93%

The reboot command immediately invokes DeviceConfig:1/Reboot without any confirmation gate, dry-run, or explicit acknowledgement of service disruption before execution. In an agent-driven environment, this can cause avoidable denial of service by dropping internet, Wi-Fi, and telephony for all connected users if the command is triggered accidentally or through prompt/command confusion.

Missing User Warnings
Severity: Medium
Confidence: 92%

The WLAN action path changes radio state across multiple networks as soon as the user passes 'on' or 'off', with no confirmation or safety interlock. In an automated or agent-mediated context, this can unexpectedly disconnect users or disable security controls on guest/main networks, creating availability and operational risks.
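One interlock that addresses the three findings above (vague triggers, the ungated reboot, the ungated WLAN toggle) together, as an added example rather than code from the skill or the fritzconnection project: a two-step gate that stages a destructive action, hands the user a one-time phrase naming that exact action, and executes only when that phrase comes back. The TR-064 service/action names in the table are the ones fritzconnection uses for these operations and are listed as assumptions; the executor is injected (in real use it would be `FritzConnection.call_action`) so the gate runs without a router.

```python
"""Confirmation gate for destructive FRITZ!Box actions (added example).

request() stages an action and returns the exact phrase the user must type;
confirm() executes it once, only for that phrase. Service/action names are
assumptions following fritzconnection's naming.
"""
import re
import secrets

# action name the user must say back -> (TR-064 service, action, arguments)
DESTRUCTIVE_ACTIONS = {
    "reboot":    ("DeviceConfig1", "Reboot", {}),
    "reconnect": ("WANIPConn1", "ForceTermination", {}),
    "wlan_on":   ("WLANConfiguration1", "SetEnable", {"NewEnable": "1"}),
    "wlan_off":  ("WLANConfiguration1", "SetEnable", {"NewEnable": "0"}),
}

# Casual affirmations (German and English) that never count as approval.
VAGUE_AFFIRMATIONS = {
    "ja", "ja bitte", "mach mal", "mach", "ok", "okay", "yes", "sure", "go", "do it",
}

CONFIRM_RE = re.compile(r"confirm\s+([a-z_]+)\s+(\d{4})")


class ConfirmationGate:
    """Two-step approval: request() stages an action, confirm() executes it once."""

    def __init__(self):
        self._pending = {}      # one-time token -> staged action name
        self.executed = []      # audit trail of actions that actually ran

    def request(self, action: str) -> str:
        """Stage a destructive action; return the prompt containing the exact phrase to type back."""
        if action not in DESTRUCTIVE_ACTIONS:
            raise ValueError(f"not a gated action: {action!r}")
        token = f"{secrets.randbelow(10_000):04d}"
        self._pending[token] = action
        service, act, _ = DESTRUCTIVE_ACTIONS[action]
        return (f"This will call {service}/{act} and disrupt connectivity for every "
                f"device on the network. To proceed, reply exactly: CONFIRM {action} {token}")

    def confirm(self, reply: str, executor) -> bool:
        """Run the staged action only if the reply names it and carries its unused token."""
        text = reply.strip().lower()
        if text in VAGUE_AFFIRMATIONS:
            return False                       # "ja bitte" / "mach mal" never fire anything
        m = CONFIRM_RE.fullmatch(text)
        if m is None:
            return False                       # anything that is not the literal phrase
        action, token = m.group(1), m.group(2)
        if self._pending.get(token) != action:
            return False                       # wrong action, unknown or already-used token
        del self._pending[token]               # consume: a replayed phrase cannot fire twice
        service, act, args = DESTRUCTIVE_ACTIONS[action]
        executor(service, act, **args)         # real use: FritzConnection.call_action
        self.executed.append(action)
        return True


def confirmation_phrase(prompt: str) -> str:
    """Extract the 'CONFIRM <action> <token>' phrase from the prompt request() returned."""
    return prompt.rsplit(": ", 1)[1]


if __name__ == "__main__":
    # Stand-alone demo with a recording executor instead of a live router.
    calls = []
    record = lambda service, action, **args: calls.append((service, action, args))
    gate = ConfirmationGate()
    prompt = gate.request("reboot")
    print(prompt)
    phrase = confirmation_phrase(prompt)
    for reply in ("ja bitte", "mach mal", phrase, phrase):
        print(f"{reply!r:<28} -> executed={gate.confirm(reply, record)}")
    print("router calls made:", calls)
```

The token makes the phrase unguessable from context and single-use, so a model that hallucinates "CONFIRM reboot" from an earlier turn, or a user who pastes an old confirmation, cannot trigger the action; the skill's WLAN path would call `request("wlan_off")` instead of toggling radios on a bare "off".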

Unpinned Dependencies
Severity: Low
Category: Supply Chain
Confidence: 93%
Content:
fritzconnection>=1.15.0
python-dotenv>=1.0.0

Flagged line: fritzconnection>=1.15.0
A lower-bound specifier (>=) lets the installer resolve to any later release, including a compromised or breaking one; pin an exact version (==) and, where the install tooling supports it, a hash of the expected artifact.

Unpinned Dependencies
Severity: Low
Category: Supply Chain
Confidence: 95%
Content:
fritzconnection>=1.15.0
python-dotenv>=1.0.0

Flagged line: python-dotenv>=1.0.0
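A check for the two findings above, as an added example that is not part of the scanner or the skill: it parses a requirements file and reports each entry as unpinned, pinned without a hash, or pinned with a hash. The sample file is constructed for this example and contains the two flagged specifiers; `examplepkg`, `otherpkg` and the all-zero digest are placeholders, not real packages or hashes.

```python
"""Audit a requirements file for unpinned or hash-less dependencies (added example).

Lower-bound specifiers such as 'fritzconnection>=1.15.0' let the installer
resolve to any future release; an exact pin plus --hash makes the install
reproducible and detects a substituted artifact. Sample input is constructed.
"""
import re

SAMPLE_REQUIREMENTS = """\
# the two specifiers the scanner flagged
fritzconnection>=1.15.0
python-dotenv>=1.0.0
# an exact pin without a hash: reproducible, but a swapped artifact goes unnoticed
examplepkg==1.2.3
# an exact pin with a hash (placeholder digest): what a skill should ship
otherpkg==4.5.6 \\
    --hash=sha256:0000000000000000000000000000000000000000000000000000000000000000
"""

# package name, optional extras, then whatever specifier follows
_NAME_RE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)(\[[^\]]*\])?\s*(.*)$")


def parse_requirements(text):
    """Yield (name, specifier, hashes) per logical requirement line."""
    logical = text.replace("\\\n", " ")          # join backslash continuations
    for raw in logical.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line or line.startswith("-"):     # blank, or -r/-e/--index-url options
            continue
        parts = line.split("--hash=")
        spec = parts[0].strip()
        hashes = [h.strip() for h in parts[1:]]
        m = _NAME_RE.match(spec)
        if m is None:
            continue
        yield m.group(1), m.group(3).replace(" ", ""), hashes


def classify(specifier, hashes):
    """'==' (or '===') is a pin; anything else, including '>=' and '~=', floats."""
    if "==" not in specifier:
        return "unpinned"
    return "pinned_with_hash" if hashes else "pinned_no_hash"


def audit_requirements(text):
    """Return one finding per requirement: {name, specifier, status}."""
    return [
        {"name": name, "specifier": spec, "status": classify(spec, hashes)}
        for name, spec, hashes in parse_requirements(text)
    ]


def supply_chain_gaps(text):
    """Names of requirements that are not both pinned and hashed."""
    return [f["name"] for f in audit_requirements(text) if f["status"] != "pinned_with_hash"]


if __name__ == "__main__":
    for f in audit_requirements(SAMPLE_REQUIREMENTS):
        print(f"{f['status']:<17} {f['name']}{f['specifier']}")
```

Run against the skill's own requirements file, `supply_chain_gaps` lists exactly the entries the scanner flagged; a lock file generated with hashes (for example by `pip-compile --generate-hashes`) is the state in which it returns an empty list.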

Known Vulnerable Dependency: python-dotenv — 1 advisory: CVE-2026-28684 (python-dotenv: Symlink following in set_key allows arbitrary file overwrite via )
Severity: Low
Category: Supply Chain
Confidence: 84%

Affected package: python-dotenv
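The advisory above describes a symlink-following write in `set_key`; its mechanics and fixed version are not given on this page, so the added example below (not code from python-dotenv or the skill) shows the general defence for any code that writes a secrets file such as the skill's `.env` at a path an attacker may have pre-created: open with `O_NOFOLLOW`, verify the descriptor refers to a regular file, and keep the mode at 0600. The naive writer is included only to show the behaviour being prevented; the victim file, link and secret values are constructed inside a temporary directory.

```python
"""Write a .env file without following a symlink at its path (added example).

write_env_nofollow() is the hardened pattern; write_env_naive() is the pattern
it replaces. symlink_probe() plants a symlink named .env in a temp dir and
reports whether a writer refused it and whether the link target survived.
"""
import os
import stat
import tempfile


def write_env_naive(path, content):
    """The pattern to avoid: open() follows a symlink and overwrites its target."""
    with open(path, "w") as fh:
        fh.write(content)


def write_env_nofollow(path, content):
    """Create/truncate path with mode 0600; raise OSError if path is a symlink."""
    if os.path.islink(path):          # portable pre-check; racy alone, O_NOFOLLOW is the real guard
        raise OSError(f"refusing to write through symlink {path}")
    flags = (os.O_WRONLY | os.O_CREAT | os.O_TRUNC
             | getattr(os, "O_NOFOLLOW", 0) | getattr(os, "O_CLOEXEC", 0))
    fd = os.open(path, flags, 0o600)  # O_NOFOLLOW: the kernel fails with ELOOP on a symlink
    try:
        st = os.fstat(fd)
        if not stat.S_ISREG(st.st_mode):
            raise OSError(f"{path} is not a regular file")
        if hasattr(os, "fchmod"):
            os.fchmod(fd, 0o600)      # also tighten a pre-existing file with loose permissions
        os.write(fd, content.encode())
    finally:
        os.close(fd)


def symlink_probe(writer):
    """Plant .env -> victim.txt, run `writer` on .env, report refusal and victim integrity."""
    with tempfile.TemporaryDirectory() as tmp:
        victim = os.path.join(tmp, "victim.txt")
        with open(victim, "w") as fh:
            fh.write("original")
        link = os.path.join(tmp, ".env")
        os.symlink(victim, link)
        try:
            writer(link, "FRITZ_PASSWORD=changeme\n")   # constructed secret, not real
            refused = False
        except OSError:
            refused = True
        with open(victim) as fh:
            intact = fh.read() == "original"
        return {"refused": refused, "victim_intact": intact}


def plain_write_probe():
    """Non-symlink case: the hardened writer must still create the file, mode 0600."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, ".env")
        write_env_nofollow(path, "FRITZ_USER=agent\n")
        mode = stat.S_IMODE(os.stat(path).st_mode)
        with open(path) as fh:
            return {"mode": mode, "content": fh.read()}


if __name__ == "__main__":
    print("naive writer:   ", symlink_probe(write_env_naive))
    print("nofollow writer:", symlink_probe(write_env_nofollow))
    print("plain write:    ", plain_write_probe())
```

`O_NOFOLLOW` only protects the final path component; a symlinked parent directory is still followed, so the `.env` should live in a directory the agent process owns and that is not writable by other local users. On platforms without `O_NOFOLLOW` the `getattr` fallback drops the flag and only the racy `islink` pre-check remains.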

VirusTotal

64/64 vendors flagged this skill as clean.
